[Koha-bugs] [Bug 25045] Add a way to restrict anonymous access to public routes (OpacPublic behaviour)

bugzilla-daemon at bugs.koha-community.org
Thu Jun 18 23:42:06 CEST 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045

--- Comment #32 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
(In reply to Aleisha Amohia from comment #31)
> I have tried to apply but tests fail on my devbox for 19.11.x.
> 
> $ prove -v t/db_dependent/api/v1/auth_authenticate_api_request.t 
> t/db_dependent/api/v1/auth_authenticate_api_request.t .. 
> 1..3
> # Subtest: token-based tests
>     1..10
> [2020-06-19 09:33:05.84026] [12653] [debug] POST "/api/v1/oauth/token"
> (5ef232ce)
> [2020-06-19 09:33:05.84638] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:05.84791] [12653] [debug] Routing to controller
> "Koha::REST::V1::OAuth" and action "token"
> [2020-06-19 09:33:05.86256] [12653] [debug] 200 OK (0.022287s, 44.869/s)
>     ok 1 - POST /api/v1/oauth/token
>     ok 2 - 200 OK
>     ok 3 - exact match for JSON Pointer "/expires_in"
>     ok 4 - exact match for JSON Pointer "/token_type"
>     ok 5 - has value for JSON Pointer "/access_token"
> [2020-06-19 09:33:05.86597] [12653] [debug] GET "/api/v1/patrons" (01e901a8)
> [2020-06-19 09:33:05.86677] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:05.88419] [12653] [debug] Routing to controller
> "Koha::REST::V1::Patrons" and action "list"
> [2020-06-19 09:33:06.11926] [12653] [debug] 200 OK (0.253264s, 3.948/s)
>     ok 6 - GET /api/v1/patrons
>     ok 7 - 200 OK
>     ok 8 - The 'koha.user' object is defined in the stash
>     ok 9 - Stashed koha.user object type is Koha::Patron
>     ok 10 - The stashed user is the right one
> ok 1 - token-based tests
> # Subtest: cookie-based tests
>     1..5
> [2020-06-19 09:33:06.29506] [12653] [debug] GET "/api/v1/patrons" (4f027938)
> [2020-06-19 09:33:06.29565] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:06.29736] [12653] [debug] 503 Service Unavailable
> (0.00229s, 436.681/s)
>     ok 1 - GET /api/v1/patrons
>     not ok 2 - 200 OK
> 
>     #   Failed test '200 OK'
>     #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 112.
>     #          got: '503'
>     #     expected: '200'
>     not ok 3 - The 'koha.user' object is defined in the stash
> 
>     #   Failed test 'The 'koha.user' object is defined in the stash'
>     #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 115.
>     # Looks like you planned 5 tests but ran 3.
>     # Looks like you failed 2 tests of 3 run.
> not ok 2 - cookie-based tests
> 
> #   Failed test 'cookie-based tests'
> #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 120.
> # Subtest: anonymous requests to public API
>     1..4
> [2020-06-19 09:33:06.54596] [12653] [debug] GET "/api/v1/public/biblios/3"
> (1a0aa1cd)
> [2020-06-19 09:33:06.54737] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:06.54867] [12653] [debug] 503 Service Unavailable
> (0.002694s, 371.195/s)
>     ok 1 - GET /api/v1/public/biblios/3
>     not ok 2 - Unauthorized anonymous attempt to access a resource
> 
>     #   Failed test 'Unauthorized anonymous attempt to access a resource'
>     #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 143.
>     #          got: '503'
>     #     expected: '401'
> [2020-06-19 09:33:06.55176] [12653] [debug] GET "/api/v1/public/biblios/3"
> (ece5c188)
> [2020-06-19 09:33:06.55231] [12653] [debug] Routing to controller
> "Koha::REST::V1::Auth" and action "under"
> [2020-06-19 09:33:06.55343] [12653] [debug] 503 Service Unavailable
> (0.001661s, 602.047/s)
>     ok 3 - GET /api/v1/public/biblios/3
>     not ok 4 - Successfull anonymous access to a resource
> 
>     #   Failed test 'Successfull anonymous access to a resource'
>     #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 149.
>     #          got: '503'
>     #     expected: '200'
>     # Looks like you failed 2 tests of 4.
> not ok 3 - anonymous requests to public API
> 
> #   Failed test 'anonymous requests to public API'
> #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 153.
> # Looks like you failed 2 tests of 3.
> Dubious, test returned 2 (wstat 512, 0x200)
> Failed 2/3 subtests 
> 
> Test Summary Report
> -------------------
> t/db_dependent/api/v1/auth_authenticate_api_request.t (Wstat: 512 Tests: 3
> Failed: 2)
>   Failed tests:  2-3
>   Non-zero exit status: 2
> Files=1, Tests=3,  8 wallclock secs ( 0.02 usr  0.01 sys +  3.77 cusr  1.14
> csys =  4.94 CPU)
> Result: FAIL
> 
> Please fix up and I will backport!

I'll do it tomorrow